FAQs and Troubleshooting

Share Reported Phishing Emails with KnowBe4 Using the Phish Alert Button (PAB)

If your organization uses the Phish Alert Button (PAB), you have the option to send copies of reported phishing emails to KnowBe4. This Send Us a Copy setting is located in the Phish Alert section of your KMSAT Account Settings and is disabled by default.

We strongly recommend that you enable this setting. By sharing reported phishing emails with KnowBe4, you can help educate users about the various techniques and scams hackers use to try to trick people.

Effects of Enabling This Setting

If you enable this setting, KnowBe4 will receive a copy of each email that your users report as a potential phishing email. The email will be stored in an encrypted container.

Once our security research team receives the email, they will review it to determine if it is a real phishing email. If it is a phishing email, the email will then be analyzed in a sandbox environment to determine the type of attack or method being used and the overall goal of the phishing email. We determine if the email uses credentials phishing, malicious attachments, ransomware, business email compromise, or other forms of phishing and social engineering.

As part of this process, KnowBe4 also helps the cause of security awareness by sharing reported phishing email data with security research partners.

At times, reported emails may turn out to not be phishing emails. If an email is determined to be safe, it will not be analyzed or shared with security research partners.

Benefits of Enabling This Setting

Although this setting is disabled by default, we recommend that you enable it. By sharing reported phishing emails with KnowBe4, you are helping our mission and allowing us to educate millions of users about real-life phishing attacks.

Here are a few examples of how we use this data:

  • Our Reported Phishes of the Week category uses 10 real-life phishing attacks from the previous week's PAB submissions and lets you test your users on recent attacks.
  • The Scam of the Week is often developed based on the research our team has done on PAB-reported phishing emails. For more information, see our What Is the Scam of the Week Newsletter? article.
  • Our blog Cyberheist News covers recent scams to help educate and strengthen security teams around the world. 

If your reported phishing email is used for any of the above reasons, personally identifiable or organization-specific information will be erased from the email.

Thank you for your help in enabling employees to make smarter security decisions every day.

How to Whitelist This Option

If your organization is sending information to KnowBe4 using the Send Us a Copy setting, you can whitelist the email address to ensure this information is being delivered. Use the following email to whitelist: phishalert@kb4.io.

My User Reported a Sensitive Email

We appreciate you sharing your reported phishing emails but we understand that users might accidentally report legitimate emails that contain sensitive information.

If one of your users reported a legitimate, confidential email, you may submit a support ticket to request that we delete this email from our systems. Please include your user’s email address and the subject line of the reported email in your request to ensure we can process your request successfully.

Can't find what you're looking for?

Contact Support